From 1f520116f01c4b085af3df2464dce86fd4f93027 Mon Sep 17 00:00:00 2001
From: Nicholas Staples
Date: Tue, 5 Jan 2016 14:30:06 +0000
Subject: [PATCH] Sign in view, form and template refactored.

---
 app/main/views/sign_in.py | 36 +++++++++++-----------------
 app/templates/views/signin.html | 11 ++-------
 tests/app/main/views/test_sign_in.py | 24 +++++++++----------
 3 files changed, 28 insertions(+), 43 deletions(-)

diff --git a/app/main/views/sign_in.py b/app/main/views/sign_in.py
index a5bb4f6c3..3e29ab000 100644
--- a/app/main/views/sign_in.py
+++ b/app/main/views/sign_in.py
@@ -8,28 +8,20 @@ from app.main.forms import LoginForm
 from app.main.views import send_sms_code
 
 
-@main.route("/sign-in", methods=(['GET']))
-def render_sign_in():
-    return render_template('views/signin.html', form=LoginForm())
-
-
-@main.route('/sign-in', methods=(['POST']))
-def process_sign_in():
+@main.route('/sign-in', methods=(['GET', 'POST']))
+def sign_in():
     form = LoginForm()
     if form.validate_on_submit():
         user = users_dao.get_user_by_email(form.email_address.data)
-        if user is None:
-            return jsonify(authorization=False), 401
-        if user.is_locked():
-            return jsonify(locked_out=True), 401
-        if not user.is_active():
-            return jsonify(active_user=False), 401
-        if check_hash(form.password.data, user.password):
-            send_sms_code(user.id, user.mobile_number)
-            session['user_id'] = user.id
-        else:
-            users_dao.increment_failed_login_count(user.id)
-            return jsonify(authorization=False), 401
-    else:
-        return jsonify(form.errors), 400
-    return redirect('/two-factor')
+
+        if user:
+            if not user.is_locked() and user.is_active() and check_hash(form.password.data, user.password):
+                send_sms_code(user.id, user.mobile_number)
+                session['user_id'] = user.id
+                return redirect('/two-factor')
+            else:
+                users_dao.increment_failed_login_count(user.id)
+                # Vague error message for login
+                form.password.errors.append('Username or password is incorrect')
+
+    return render_template('views/signin.html', form=form)
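Review bot: In the new sign_in() the 'Username or password is incorrect' message is appended only inside the `if user:` branch, so a POST for an address with no account re-renders the form with no error at all, while a wrong password for an existing account shows the message; the two responses differ, which defeats the "Vague error message" comment (the page reveals which addresses have accounts) and also contradicts test_should_return_200_when_user_does_not_exist in the tests hunk of this same patch, which expects the message. Move the append out of the `if user:` block so every failed attempt (unknown address, wrong password, locked, inactive) renders the same page, keeping the failed-login counter increment for known users only. Response time will still differ because check_hash() runs only when a user is found; whether that is observable depends on the hash cost, which is not visible here. The hunk shows the whole function, so the rewrite below is self-contained.
```python
    form = LoginForm()
    if form.validate_on_submit():
        user = users_dao.get_user_by_email(form.email_address.data)

        if user and not user.is_locked() and user.is_active() and check_hash(form.password.data, user.password):
            send_sms_code(user.id, user.mobile_number)
            session['user_id'] = user.id
            return redirect('/two-factor')

        if user:
            users_dao.increment_failed_login_count(user.id)
        # Same message for unknown address, wrong password, locked and inactive
        # accounts so the response does not reveal which addresses exist.
        form.password.errors.append('Username or password is incorrect')

    return render_template('views/signin.html', form=form)
```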
diff --git a/app/templates/views/signin.html b/app/templates/views/signin.html index 0c3d34531..859d843d8 100644 --- a/app/templates/views/signin.html +++ b/app/templates/views/signin.html @@ -14,18 +14,11 @@ Sign in
{{ form.hidden_tag() }} -

- - {{ form.email_address(class="form-control-2-3", autocomplete="off") }}
-

-

- - {{ form.password(class="form-control-1-4", autocomplete="off") }}
-

+ {{ render_field(form.email_address, class='form-control-2-3') }} + {{ render_field(form.password, class='form-control-2-3') }}

Forgotten password?

-

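Review bot: The two render_field() calls that replace the hand-written inputs no longer carry the autocomplete="off" attribute the old email_address and password inputs had, and whether the macro sets it itself is not visible in this hunk. If dropping it is deliberate (browsers increasingly ignore it on password fields) a line in the commit message would save the next reader the question; otherwise pass it through, e.g. `{{ render_field(form.password, class='form-control-2-3', autocomplete='off') }}`, provided render_field forwards extra keyword arguments to the input.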
diff --git a/tests/app/main/views/test_sign_in.py b/tests/app/main/views/test_sign_in.py
index cc4778a37..bedf6554c 100644
--- a/tests/app/main/views/test_sign_in.py
+++ b/tests/app/main/views/test_sign_in.py
@@ -50,14 +50,14 @@ def test_should_return_locked_out_true_when_user_is_locked(notifications_admin,
                                                      data={'email_address': 'valid@example.gov.uk', 'password': 'val1dPassw0rd!'})
-    assert response.status_code == 401
-    assert '"locked_out": true' in response.get_data(as_text=True)
+    assert response.status_code == 200
+    assert 'Username or password is incorrect' in response.get_data(as_text=True)
 
     another_bad_attempt = notifications_admin.test_client().post('/sign-in',
                                                                  data={'email_address': 'valid@example.gov.uk', 'password': 'whatIsMyPassword!'})
-    assert another_bad_attempt.status_code == 401
-    assert '"locked_out": true' in response.get_data(as_text=True)
+    assert another_bad_attempt.status_code == 200
+    assert 'Username or password is incorrect' in response.get_data(as_text=True)
 
 
 def test_should_return_active_user_is_false_if_user_is_inactive(notifications_admin,
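Review bot: The last assertion of the hunk checks `response` again instead of `another_bad_attempt`: right after `assert another_bad_attempt.status_code == 200` the new line reads `assert 'Username or password is incorrect' in response.get_data(as_text=True)`, so the message on the second (now locked) attempt is never verified — the removed line had the same slip and the rewrite carries it over. Change it to `assert 'Username or password is incorrect' in another_bad_attempt.get_data(as_text=True)`. The name test_should_return_locked_out_true_when_user_is_locked still describes the removed JSON response; since a locked account is now meant to be indistinguishable from a wrong password, something like test_locked_user_gets_generic_sign_in_error would read truer. The function starts before the hunk.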
@@ -76,19 +76,19 @@ def test_should_return_active_user_is_false_if_user_is_inactive(notifications_ad
                                                      data={'email_address': 'inactive_user@example.gov.uk', 'password': 'val1dPassw0rd!'})
-    assert response.status_code == 401
-    assert '"active_user": false' in response.get_data(as_text=True)
+    assert response.status_code == 200
+    assert 'Username or password is incorrect' in response.get_data(as_text=True)
 
 
-def test_should_return_401_when_user_does_not_exist(notifications_admin, notifications_admin_db, notify_db_session):
+def test_should_return_200_when_user_does_not_exist(notifications_admin, notifications_admin_db, notify_db_session):
     response = notifications_admin.test_client().post('/sign-in',
                                                      data={'email_address': 'does_not_exist@gov.uk', 'password': 'doesNotExist!'})
-
-    assert response.status_code == 401
+    assert response.status_code == 200
+    assert 'Username or password is incorrect' in response.get_data(as_text=True)
 
 
-def test_should_return_400_when_user_is_not_active(notifications_admin, notifications_admin_db, notify_db_session):
+def test_should_return_200_when_user_is_not_active(notifications_admin, notifications_admin_db, notify_db_session):
     user = User(email_address='PendingUser@example.gov.uk', password='val1dPassw0rd!', mobile_number='+441234123123',
@@ -100,8 +100,8 @@ def test_should_return_400_when_user_is_not_active(notifications_admin, notifica
     response = notifications_admin.test_client().post('/sign-in',
                                                      data={'email_address': 'PendingUser@example.gov.uk', 'password': 'val1dPassw0rd!'})
-    assert response.status_code == 401
-    assert '"active_user": false' in response.get_data(as_text=True)
+    assert response.status_code == 200
+    assert 'Username or password is incorrect' in response.get_data(as_text=True)
 
 
 def _set_up_mocker(mocker):
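Review bot: The rewritten failure-path tests here (inactive user, unknown user, and the pending user in the -100 hunk) assert only a 200 and the generic message, which does not show the attempt was actually rejected: they would pass just as well if the view had set session['user_id'] or sent the SMS before rendering the page. Since the success path ends in a redirect to /two-factor, each of these should also assert the negative — open the client with `with notifications_admin.test_client() as client:` and check via `client.session_transaction()` that `'user_id'` is absent, and, if _set_up_mocker patches send_sms_code (the hunk does not show what it patches), that the mock was not called. The new names test_should_return_200_when_user_does_not_exist and test_should_return_200_when_user_is_not_active encode the status code rather than the behaviour, which is exactly what this commit had to rename; naming them after the rejected case (unknown user, inactive user) survives the next change of response shape.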